USB-stick... friends or foes ?

I generally agree that USB Sticks are a great danger for company networks.

I don't think the virus and malware issue is the main reason (since we use a trustable anti virus solution) but I think industrial espionage is the point!

What about developing new software or constructig a new car. What if you are a company on the stock exchanges?
And what if someone just copies the new code/construction blueprints/annual balance sheets onto that nifty little storage and hands that to your competitor - or lets say - looses the stick...

The very real problem of Virus' jumping sticks to pc's back to sticks is one of the main reasons to disable (at least) auto-run. It is really too bad that Windows doesn't disable this function out of the box.

USB sticks are a security concern for many companies. So are CD roms and e-mail. You can't mitigate every security threat, but you can place controls. For us we have writen policies, Device Control software (McAfee DLP), and Antivirus. If someone needs to use there USB stick they call the helpdesk and we place a timed override on the port. We can also track what is downloaded to and off the usb stick in the same system.

Just like anything USB sticks can be helpful, but in the wrong hands they can be dangerous.

IT Security is all about Risk Assessment and placing controls to reduce risk, and like everything else in IT it's on going.